Master Thesis Computer Science Thesis no: MCS-2007:07 22nd March, 2007

Security Threats in Mobile Ad Hoc Network

Kamanashis Biswas and Md. Liakat Ali

Department of Interaction and System Design School of Engineering Blekinge Institute of Technology Box 520 SE – 372 25 Ronneby Sweden

This thesis is submitted to the Department of Interaction and System Design, School of Engineering at Blekinge Institute of Technology in partial fulfillment of the requirements for the degree of Master of Science in Computer Science. The thesis is equivalent to 20 weeks of full time studies.

Contact Information:
Author(s): Kamanashis Biswas E-mail: avrobth@gmail.com

Md. Liakat Ali E-mail: liakat3026@gmail.com

Advisor: Rune Gustavsson E-mail: rgu@bth.se Department of Computer Science

Department of Interaction and System Design Blekinge Institute of Technology Box 520 SE – 372 25 Ronneby Sweden

Internet: www.bth.se/tek Phone: +46 457 38 50 00 Fax: + 46 457 102 45


Acknowledgements

First and foremost, we would like to express our heartiest gratitude to our honorable supervisor Prof. Dr. Rune Gustavsson for his suggestions, guidance, constant encouragement and enduring patience throughout the progress of the thesis. We would also like to express our sincere thanks to Martin Fredriksson for his advice and all-out cooperation.


Abstract

A Mobile Ad Hoc Network (MANET) is a collection of communication devices or nodes that wish to communicate without any fixed infrastructure or pre-determined organization of available links. The nodes in a MANET are themselves responsible for dynamically discovering other nodes to communicate with. Although the ongoing trend is to adopt ad hoc networks for commercial uses because of their unique properties, the main challenge is their vulnerability to security attacks. MANETs pose a number of challenges, such as an open peer-to-peer network architecture, stringent resource constraints, a shared wireless medium and a dynamic network topology. As MANETs spread quickly, thanks to their ability to form temporary networks without the aid of any established infrastructure or centralized administration, security challenges have become a primary concern in providing secure communication. In this thesis, we identify the existing security threats an ad hoc network faces, the security services that must be achieved, and the countermeasures for attacks in each layer. To accomplish our goal, we have carried out a literature survey to gather information on the various types of attacks and solutions, and we have made a comparative study to address the threats in the different layers. Finally, we have identified the challenges and proposed solutions to overcome them. In our study, we have found that the need for a secure routing protocol is still a burning question. There is no general algorithm that works well against the most commonly known attacks such as wormhole, rushing attack etc. In conclusion, we focus on the findings and on future work that may be interesting for researchers, such as robust key management, trust based systems and data security in different layers. In short, however, we can say that a complete security solution requires prevention, detection and reaction mechanisms to be applied in MANET.
Keywords: MANET, blackhole, wormhole, DoS, routing, TCP ACK storm, backoff scheme



Chapter One Introduction

An ad hoc network is a collection of wireless mobile nodes that forms a temporary network without any centralized administration. In such an environment, it may be necessary for one mobile node to enlist other hosts in forwarding a packet to its destination, due to the limited transmission range of wireless network interfaces. Each mobile node operates not only as a host but also as a router, forwarding packets for other mobile nodes in the network that may not be within direct transmission range of each other. Each node participates in an ad hoc routing protocol that allows it to discover multihop paths through the network to any other node. This idea of a mobile ad hoc network is also called infrastructureless networking, since the mobile nodes in the network dynamically establish routing among themselves to form their own network on the fly [2].

1.1 Background

Nowadays, the mobile ad hoc network (MANET) is one of the recent active fields and has received marvelous attention because of its self-configuration and self-maintenance capabilities [16]. While early research effort assumed a friendly and cooperative environment and focused on problems such as wireless channel access and multihop routing, security has become a primary concern in order to provide protected communication between nodes in a potentially hostile environment. Recent wireless research indicates that the wireless MANET presents a larger security problem than conventional wired and wireless networks.

Although mobile ad hoc networks have several advantages over traditional wired networks, they also have a unique set of challenges. Firstly, MANETs face challenges in secure communication. For example, the resource constraints on nodes in ad hoc networks limit the cryptographic measures that can be used to secure messages. Thus a MANET is susceptible to link attacks ranging from passive eavesdropping to active impersonation, message replay and message distortion. Secondly, mobile nodes without adequate protection are easy to compromise. An attacker can listen to, modify and attempt to masquerade all the traffic on the wireless communication channel as one of the legitimate nodes in the network. Thirdly, static configuration may not be adequate as a security solution for the dynamically changing topology. Various attacks like DoS (Denial of Service) can easily be launched, flooding the network with spurious routing messages through a malicious node that gives incorrect updating information by pretending to report a legitimate change of routing information. Finally, lack of cooperation and constrained capability are common in wireless MANETs, which makes anomalies hard to distinguish from normalcy. In general, the wireless MANET is particularly vulnerable due to its fundamental characteristics of open medium, dynamic topology, absence of central authorities, distribution cooperation and constrained capability [2].

1.2 Related Work

A number of studies have been done on security challenges and solutions in mobile ad hoc networks. Zhou and Haas have proposed using threshold cryptography for providing security to the network [18]. Hubaux et al. have defined a method that is designed to ensure equal participation among members of the ad hoc group, and that gives each node the authority to issue certificates [3]. Kong, et al. [8] have proposed a secure ad hoc routing protocol based on secret sharing; unfortunately, this protocol is based on erroneous assumptions, e.g., that each node cannot impersonate the MAC address of multiple other nodes. Yi et al. also have designed a general framework for secure ad hoc routing [17]. Deng, et al. have focused on the routing security issues in MANETs and have described a solution of the 'black hole' problem [2]. Sanzgiri, et al. have proposed a secure routing protocol ARAN which is based on certificates and successfully defeats all identified attacks [14]. Yang, et al. have identified the security issues related to multihop network connectivity, discussed the challenges to security design, and reviewed the state-of-art security proposals that protect the MANET link- and network-layer operations of delivering packets over the multihop wireless channel [16]. In this paper, the emphasis is given only on the link layer and network layer security issues.

1.3 Research Goals

In this thesis, we focus on the overall security threats and challenges in mobile ad hoc networks (MANET). The security issues are analyzed from individual layers, namely application layer, transport layer, network layer, link layer and physical layer. This modularity extends the clarity and depicts the original scenario in each layer. The solutions of the current problems are also reported here so that one may get direction. This study provides a good understanding of the current security challenges and solutions of the MANETs. In general the following questions are addressed in our thesis:

- What are the vulnerabilities and security threats in MANET? Which level is most vulnerable to attack?
- How can security services like confidentiality, integrity and authentication be achieved in mobile ad hoc networks? What steps should be taken?
- What are the countermeasures? How is the security of the entire system ensured?
- What are the potential dangers that may be crucial in future?

1.4 Guidance to the Work

The thesis is organized as follows. Chapter 2 is an overview of the security goals that must be achieved to ensure secure communication in MANET. Chapter 3 presents the security exploits possible in ad hoc networks. Chapter 4 emphasizes the threats imposed in the Physical layer. Chapters 5, 6, 7 and 8 present the security challenges in the Link layer, Network layer, Transport layer and Application layer respectively. Chapter 9 focuses on the solutions of the problems described in previous sections. And finally Chapter 10 offers the concluding remarks and future works. Of the following two tables, Table 1.1 [15] summarizes the attacks and Table 1.2 [16] represents the solutions in each layer in MANET.

Table 1.1: Security Attacks on each layer in MANET

| Layer | Attacks |
|---|---|
| Application layer | Repudiation, data corruption |
| Transport layer | Session hijacking, SYN flooding |
| Network layer | Wormhole, blackhole, Byzantine, flooding, resource consumption, location disclosure attacks |
| Data link layer | Traffic analysis, monitoring, disruption MAC (802.11), WEP weakness |
| Physical layer | Jamming, interceptions, eavesdropping |

Table 1.2: Security Solutions for MANET

| Layer | Security Issues |
|---|---|
| Application layer | Detecting and preventing viruses, worms, malicious codes, and application abuses |
| Transport layer | Authentication and securing end-to-end or point-to-point communication through data encryption |
| Network layer | Protecting the ad hoc routing and forwarding protocols |
| Data link layer | Protecting the wireless MAC protocol and providing link layer security support |
| Physical layer | Preventing signal jamming denial-of-service attacks |

1.5 Our Work

Security should be taken into account at the early stage of design of basic networking mechanisms. In our study, we have identified the security threats in each layer and the corresponding countermeasures. The following table summarizes the potential security attacks and the actions that can be taken to prevent the attacks.

Table 1.3: Security threats and countermeasures

| Layers | Attacks | Solutions |
|---|---|---|
| Application layer | Lack of cooperation attacks, Malicious code attacks (virus, worms, spywares, Trojan horses) etc. | Cooperation enforcement (Nuglets, Confidant, CORE) mechanisms, Firewalls, IDS etc. |
| Transport layer | Session hijacking attack, SYN flooding attack, TCP ACK storm attack etc. | Authentication and securing end-to-end or point-to-point communication, use of public cryptography (SSL, TLS, SET, PCT) etc. |
| Network layer | Routing protocol attacks (e.g. DSR, AODV etc.), cache poisoning, table overflow attacks, Wormhole, blackhole, Byzantine, flooding, resource consumption, impersonation, location disclosure attacks etc. | Source authentication and message integrity mechanisms to prevent routing message modification, Securing routing protocols (e.g. IPSec, ESP, SAR, ARAN) to overcome blackhole, impersonation attacks, packet leashes, SECTOR mechanism for wormhole attack etc. |
| Data link layer | Traffic analysis and monitoring, disruption MAC (802.11), WEP weakness etc. | No effective mechanism to prevent traffic analysis and monitoring, secure link layer protocol like LLSP, using WPA etc. |
| Physical layer | Jamming, interceptions, eavesdropping | Using Spread spectrum mechanisms e.g. FHSS, DSSS etc. |

Chapter Two Security Services

The ultimate goal of the security solutions for MANETs is to provide security services, such as authentication, confidentiality, integrity, nonrepudiation, anonymity and availability, to mobile users. In order to achieve this goal, the security solution should provide complete protection spanning the entire protocol stack. There is no single mechanism that will provide all the security services in MANETs. The common security services are described below.

2.1 Availability

Availability is concerned with the (unauthorized) upholding of resources. A variety of attacks can result in the loss of or reduction in availability. Some of these attacks are amenable to automated countermeasures such as authentication and encryption, whereas others require some sort of action to prevent or recover from loss of availability of elements or services of a distributed system. Availability ensures the survivability of network services despite various attacks. For example, on the physical and media access control layers, an adversary could employ jamming to interfere with communication on the physical channel, while on the network layer it could disrupt the routing protocol and the continuity of services of the network. Again, in higher levels, an adversary could bring down high-level services such as the key management service or the authentication service [18].

2.2 Confidentiality

Confidentiality ensures that certain information is only readable or accessible by the authorized party. Basically, it protects data from passive attacks. Transmission of sensitive information such as military information requires confidentiality. Release of such information to enemies could have devastating consequences, e.g. ENIGMA. Routing and packet forwarding information must also remain confidential so that enemies can never take advantage of it to identify and locate their targets in a battlefield. With respect to the release of message contents, several levels of protection can be identified.

2.3 Integrity

Integrity guarantees that only the authorized parties are allowed to modify the information or messages. It also ensures that a message being transmitted is never corrupted. As with confidentiality, integrity can apply to a stream of messages, a single message or selected fields within a message. But the most useful and straightforward approach is total stream protection. A connection-oriented integrity service, one that deals with a stream of messages, assures that messages are received as sent, with no duplication, insertion, modification, reordering, or replays. The destruction of data is also covered under the integrity service. Thus it addresses both message stream modification and denial of service.

2.4 Authentication

Authentication ensures that the access and supply of data is done only by the authorized parties. It is concerned with assuring that a communication is authentic. In the case of a single message, such as a warning or alarm signal, the function is to assure the recipient that the message is from the source that it claims to be from. Without authentication, an adversary could masquerade as a node, thus gaining unauthorized access to resources and sensitive information and interfering with the operations of the other nodes [18].

2.5 Nonrepudiation

Nonrepudiation prevents either sender or receiver from denying a transmitted message. Thus, when a message is sent, the receiver can prove that the message was in fact sent by the alleged sender. On the other hand, after sending a message, the sender can prove that the message was received by the alleged receiver. Nonrepudiation is useful for detection and isolation of compromised nodes. When node A receives an erroneous message from node B, nonrepudiation allows A to accuse B using this message and to convince other nodes that B is compromised.

2.6 Scalability

Scalability is not directly related to security, but it is a very important issue that has a great impact on security services. An ad hoc network may consist of hundreds or even thousands of nodes. Security mechanisms should be scalable to handle such a large network [18]. Otherwise, a newly added node in the network can be compromised by the attacker and used for gaining unauthorized access to the whole system. It is very easy to make an island-hopping attack through one rough point in a distributed network.

2.7 Summary

In this chapter, common security services are described briefly. There are still other security services which should also be considered, for example authorization, which is of concern to certain applications. Access control is another one, which limits and controls the access to host systems and applications via communication links. One important point is that there is always a tradeoff between security services, and achieving a good tradeoff among these services is one fundamental challenge in security design for MANETs.

Chapter Three Types of Attacks in MANET

The current mobile ad hoc networks allow for many different types of attacks. Although analogous exploits also exist in wired networks, there they are easy to fix by means of the infrastructure. Current MANETs are basically vulnerable to two different types of attacks: active attacks and passive attacks. An active attack is an attack in which the misbehaving node has to bear some energy costs in order to perform the threat. On the other hand, passive attacks are mainly due to lack of cooperation with the purpose of saving energy selfishly. Nodes that perform active attacks with the aim of damaging other nodes by causing network outage are considered malicious, while nodes that make passive attacks with the aim of saving battery life for their own communications are considered selfish. In this chapter, our focus is on vulnerabilities and exposures in the current ad hoc network. We have classified the attacks as modification, impersonation, fabrication, wormhole and lack of cooperation.

3.1 Attacks Using Modification

Modification is a type of attack in which an unauthorized party not only gains access to but also tampers with an asset. For example, a malicious node can redirect the network traffic and conduct DoS attacks by modifying message fields or by forwarding routing messages with false values. In fig. 3.1, M is a malicious node which can keep traffic from reaching X by continuously advertising to B a shorter route to X than the route to X that C advertises [14]. In this way, malicious nodes can easily cause traffic subversion and denial of service (DoS) by simply altering protocol fields: such attacks compromise the integrity of routing computations. Through modification, an attacker can cause network traffic to be dropped, redirected to a different destination, or sent over a longer route to the destination, which causes unnecessary communication delay.

Figure 3.1: Ad hoc network and a malicious node (nodes S, A, B, M, C, D, X)

Consider the following fig. 3.2. Assume a shortest path exists from S to X, that C and X cannot hear each other, that nodes B and C cannot hear each other, and that M is a malicious node attempting a denial of service attack. Suppose S wishes to communicate with X and that S has an unexpired route to X in its route cache. S transmits a data packet toward X with the source route S --> A --> B --> M --> C --> D --> X contained in the packet's header. When M receives the packet, it can alter the source route in the packet's header, such as by deleting D from the source route. Consequently, when C receives the altered packet, it attempts to forward the packet to X. Since X cannot hear C, the transmission is unsuccessful [14].

Figure 3.2: Ad hoc network with DoS attack (nodes S, A, B, M, C, D, X)

3.2 Attacks Using Impersonation

As there is no authentication of data packets in current ad hoc networks, a malicious node can launch many attacks in a network by masquerading as another node, i.e. spoofing. Spoofing occurs when a malicious node misrepresents its identity in the network (such as by altering its MAC or IP address in outgoing packets) and alters the view of the network topology that a benign node can gather. For example, a spoofing attack allows forming loops in routing packets, which may also result in partitioning the network. Here we describe the scenario in detail.

Figure 3.3: A sequence of events forming loops by spoofing packets (panels (a), (b), (c); nodes A, B, C, D, E, M, X)

In the above fig. 3.3(a), there exists a path between five nodes. A can hear B and D, B can hear A and C, D can hear A and C, and C can hear B, D and E. M can hear A, B, C, and D, while E can hear C and the next node in the route towards X. A malicious node M can learn about the topology by analyzing the discovery packets and then form a routing loop so that none of the nodes in its range can reach the destination X. At first, M changes its MAC address to match A's, moves closer to B and out of the range of A. It sends a message to B that contains a hop count to X which is less than the one sent by C, for example zero. Now B changes its route to the destination X to go through A, as shown in fig. 3.3(b). Similarly, M again changes its MAC address to match B's, moves closer to C and out of the range of B. Then it sends a message to C with the information that the route through B contains a hop count to X which is less than the one through E. Now C changes its route to B, which forms a loop as shown in fig. 3.3(c). Thus X is unreachable from the four nodes in the network.

3.3 Attacks through Fabrication

Fabrication is an attack in which an unauthorized party not only gains access but also inserts counterfeit objects into the system. In MANET, fabrication refers to attacks performed by generating false routing messages. Such attacks can be difficult to verify as they come as valid constructs, especially in the case of fabricated error messages that claim a neighbor cannot be contacted [11]. Consider fig. 3.1. Suppose node S has a route to node X via nodes A, B, C, and D. A malicious node M can launch a denial-of-service attack against X by continually sending route error messages to B spoofing node C, indicating a broken link between nodes C and X. B receives the spoofed route error message thinking that it came from C. B deletes its routing table entry for X and forwards the route error message on to A, who then also deletes its routing table entry. If M listens and broadcasts spoofed route error messages whenever a route is established from S to X, M can successfully prevent communications between S and X [14].

3.4 Wormhole Attacks

The wormhole attack is also known as the tunneling attack. A tunneling attack is where two or more nodes collaborate to encapsulate and exchange messages between them along existing data routes. This exploit gives a node or nodes the opportunity to short-circuit the normal flow of messages, creating a virtual vertex cut in the network that is controlled by the two colluding attackers. In fig. 3.4, M1 and M2 are two malicious nodes that encapsulate data packets and falsify the route lengths.

Figure 3.4: Path length spoofed by tunneling (nodes S, M1, A, B, C, M2, D; M1 encapsulates, M2 decapsulates; falsely tunneled path between M1 and M2)

Suppose node S wishes to form a route to D and initiates route discovery. When M1 receives a RREQ from S, M1 encapsulates the RREQ and tunnels it to M2 through an existing data route, in this case {M1 --> A --> B --> C --> M2}. When M2 receives the encapsulated RREQ, it forwards it on to D as if it had only traveled {S --> M1 --> M2 --> D}. Neither M1 nor M2 updates the packet header. After route discovery, the destination finds two routes from S of unequal length: one is of 5 and another is of 4. If M2 tunnels the RREP back to M1, S would falsely consider the path to D via M1 to be better than the path to D via A. Thus, tunneling can prevent honest intermediate nodes from correctly incrementing the metric used to measure path lengths.

3.5 Lack of Cooperation

Mobile Ad Hoc Networks (MANETs) rely on the cooperation of all the participating nodes. The more nodes cooperate to transfer traffic, the more powerful a MANET gets. But one of the different kinds of misbehavior a node may exhibit is selfishness. A selfish node wants to preserve its own resources while using the services of others and consuming their resources. This can endanger correct network operation simply by not participating in the operation or by not executing the packet forwarding. This attack is also known as the black hole attack and is described briefly in a later section.

3.6 Summary

The security of ad hoc networks greatly depends on the secure routing protocol, transmission technology and communication mechanisms used by the participating nodes. In this chapter, we have focused on the common attacks in MANET. The rest of the thesis describes the threats in each layer of the protocol stack and prescribes solutions to those attacks.

Chapter Four

Security Threats in Physical Layer

Physical layer security is important for securing MANET as many attacks can take place in this layer. The physical layer must adapt to rapid changes in link characteristics. The most common physical layer attacks in MANET are eavesdropping, interference, denial-of-service and jamming. The common radio signal in MANET is easy to jam or intercept. Moreover, an attacker can overhear or disrupt the service of the wireless network physically. An attacker with sufficient transmission power and knowledge of the physical and medium access control layer mechanisms can gain access to the wireless medium. Here we will describe eavesdropping, interference and jamming attacks in brief.

4.1 Eavesdropping

Eavesdropping is the reading of messages and conversations by unintended receivers. The nodes in MANET share a wireless medium, and the wireless communication uses the RF spectrum and is broadcast by nature, so it can be easily intercepted with receivers tuned to the proper frequency. As a result, transmitted messages can be overheard and fake messages can be injected into the network.

4.2 Interference and Jamming

Jamming and interference of radio signals cause messages to be lost or corrupted. A powerful transmitter can generate a signal that is strong enough to overwhelm the target signal and disrupt communications. Pulse and random noise are the most common types of signal jamming [15].

4.3 Summary

The topology is highly dynamic as nodes frequently leave or join the network, and roam in the network on their own will. Again, the communication channel in MANET is bandwidth-constrained and shared among multiple network entities. This channel is also subject to interferences and errors, exhibiting volatile characteristics in terms of bandwidth and delay. The attacker may take the opportunity of these volatile characteristics.

Chapter Five

Security Threats in Link Layer

The MANET is an open multipoint peer-to-peer network architecture in which the link layer protocols maintain one-hop connectivity among the neighbors. Many attacks can be launched in the link layer by disrupting the cooperation of the protocols of this layer. Wireless medium access control (MAC) protocols have to coordinate the transmission of the nodes on the common communication or transmission medium. The IEEE 802.11 MAC protocol uses distributed contention resolution mechanisms which are based on two different coordination functions. One is the Distributed Coordination Function (DCF), which is a fully distributed access protocol, and the other is a centralized access protocol called the Point Coordination Function (PCF). For resolving channel contention among the multiple wireless hosts, DCF uses a carrier sense multiple access with collision avoidance (CSMA/CA) mechanism.

5.1 Threats in IEEE 802.11 MAC

The IEEE 802.11 MAC is vulnerable to DoS attacks. To launch the DoS attack, the attacker may exploit the binary exponential backoff scheme. For example, the attacker may corrupt frames easily by adding some bits or ignoring the ongoing transmission. Among the contending nodes, the binary exponential scheme favors the last winner, which leads to the capture effect. Capture effect means that nodes which are heavily loaded tend to capture the channel by sending data continuously, thereby causing lightly loaded neighbors to back off endlessly. Malicious nodes may take advantage of this capture effect vulnerability. Moreover, it can cause a chain reaction in the upper level protocols using a backoff scheme, like TCP window management [15].

Another vulnerability to DoS attacks is exposed in IEEE 802.11 MAC through the NAV (Network Allocation Vector) field carried in the RTS/CTS (Ready to Send/Clear to Send) frames. During the RTS/CTS handshake, a small RTS frame including the time needed to complete the CTS, data and ACK frames is sent by the sender. All the neighbors of the sender and receiver update their NAV field according to the transmission duration that they overheard. The attacker in the local neighborhood is also aware of the duration of the ongoing transmission and he/she may transmit a few bits within this period to incur bit errors in a victim's link layer frame via wireless interference [16].

5.2 Threats in IEEE 802.11 WEP

The first security scheme provided by the IEEE 802.11 standards is Wired Equivalent Privacy (WEP). Basically, it was designed to provide security for WLAN. But it suffers from many design flaws and some weaknesses in the way the RC4 cipher is used in WEP. It is well known that WEP is vulnerable to message privacy and message integrity attacks and probabilistic cipher key recovery attacks. Now, WEP is replaced by AES in 802.11i. Some of the weaknesses of WEP are described below.

- Key management is not specified in the WEP protocol. Lack of key management is a potential exposure for most attacks exploiting manually distributed secrets shared by large populations.
- The initialization vector (IV) used in WEP is a 24-bit field which is sent in clear and is a part of the RC4 key; this leads to a probabilistic cipher key recovery attack, most commonly known as an analytical attack.
- The combined use of a non-cryptographic integrity algorithm, CRC 32, with the stream cipher is a security risk and may cause message privacy and message integrity attacks.
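The last two weaknesses listed above can be reproduced in a few lines. This is an added example, not code from the thesis: the keys, IV and payloads are constructed, and the HMAC variant is only a stand-in for a keyed integrity check, not an implementation of 802.11i.

```python
import hashlib
import hmac
import struct
import zlib


def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given key."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                         # keystream output
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_seal(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style body: RC4(IV || key) XOR (plaintext || CRC-32 ICV)."""
    body = plaintext + struct.pack("<I", zlib.crc32(plaintext))
    return xor(body, rc4(iv + key, len(body)))


def wep_open(key: bytes, iv: bytes, ciphertext: bytes):
    """Return the plaintext if the CRC-32 ICV matches, else None."""
    body = xor(ciphertext, rc4(iv + key, len(ciphertext)))
    plaintext, icv = body[:-4], body[-4:]
    return plaintext if struct.pack("<I", zlib.crc32(plaintext)) == icv else None


def icv_delta(delta: bytes) -> bytes:
    """Change in the ICV when `delta` is XORed into the plaintext.
    CRC-32 is affine over XOR, so no key or plaintext is needed to compute it."""
    return struct.pack("<I", zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta))))


def mac_seal(enc_key: bytes, mac_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Same stream cipher, but with a keyed HMAC-SHA256 tag over IV || ciphertext."""
    ct = xor(plaintext, rc4(iv + enc_key, len(plaintext)))
    return ct + hmac.new(mac_key, iv + ct, hashlib.sha256).digest()


def mac_open(enc_key: bytes, mac_key: bytes, iv: bytes, sealed: bytes):
    ct, tag = sealed[:-32], sealed[-32:]
    good = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return xor(ct, rc4(iv + enc_key, len(ct)))


def compare_integrity_checks() -> dict:
    # Constructed sample values, not taken from any real network.
    key, mac_key, iv = b"\x0a\x0b\x0c\x0d\x0e", b"constructed-mac-key", b"\x00\x00\x01"
    original = b"hop_count=07;dst=X"
    altered = b"hop_count=01;dst=X"
    second = b"hop_count=03;dst=Y"
    delta = xor(original, altered)

    # CRC-32 ICV: a change made to the ciphertext still passes the check.
    frame = wep_seal(key, iv, original)
    wep_result = wep_open(key, iv, xor(frame, delta + icv_delta(delta)))

    # Keyed MAC: the same change to the ciphertext is rejected.
    sealed = mac_seal(key, mac_key, iv, original)
    changed = xor(sealed[:len(delta)], delta) + sealed[len(delta):]
    mac_result = mac_open(key, mac_key, iv, changed)

    # Reused IV with the same key: keystream cancels, plaintext XOR is exposed.
    leak = xor(frame, wep_seal(key, iv, second))[:len(original)]
    return {
        "crc_icv_accepts_altered_frame": wep_result == altered,
        "keyed_mac_rejects_altered_frame": mac_result is None,
        "iv_reuse_exposes_plaintext_xor": leak == xor(original, second),
    }


if __name__ == "__main__":
    for name, value in compare_integrity_checks().items():
        print(f"{name}: {value}")
```

With only 2^24 possible IVs and no key management, the reused-IV case in the last check is something a busy network reaches in normal operation.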

5.3 Summary

Most of the link layer attacks in MANET are removed by enhancing the existing protocol or proposing a new protocol to thwart such threats. For example, WPA and RSN/AES-CCMP are also being developed to improve the cryptographic strength and enhance security. Still, attacks using the NAV field of the RTS/CTS frame remain unsolved and, to the best of our knowledge, it remains unclear how to defeat such resource consumption DoS attacks in MANET.

Chapter Six

Security Threats in Network Layer

In MANET, the nodes also function as routers that discover and maintain routes to other nodes in the network. Establishing an optimal and efficient route between the communicating parties is the primary concern of the routing protocols of MANET. Any attack in the routing phase may disrupt the overall communication and the entire network can be paralyzed. Thus, security in the network layer plays an important role in the security of the whole network.

6.1 Routing Protocols

A number of routing protocols have been developed in MANETs. The main target is to provide secure communication and remove flaws in existing protocols. They can be classified into the following categories.

6.1.1 Table-driven

In table-driven routing protocols, a proactive scheme is used. It means that they maintain consistent up-to-date routing information from each node to every other node in the network. One or more tables are used to store routing information, changes in network topology etc. in order to maintain a consistent network environment. Some common examples are DSDV (Highly Dynamic Destination-Sequenced Distance Vector routing protocol), DBF (Distributed Bellman-Ford Routing Protocol), HSR (Hierarchical State Routing protocol), OLSR (Optimized Link State Routing Protocol) etc.

6.1.2 On-Demand

A source-initiated on-demand (reactive) routing protocol is different from a table-driven routing protocol. It creates routes only when asked by the source. The protocol finds the route on demand by flooding the network with Route Request packets. Some examples of on-demand protocols are Admission Control enabled On demand Routing (ACOR), Ant-based Routing Algorithm for Mobile Ad-Hoc Networks, Dynamic Source Routing (DSR), DYnamic Manet On-demand Routing (DYMOR) etc.

6.1.3 Other Routing Protocols

There are two other types of routing protocol, namely Hybrid and Hierarchical. The hybrid routing protocol is a combination of proactive and reactive schemes. On the other hand, the hierarchical protocols contain scalable routing strategies and establish a hierarchy which is followed in the way of an ant-trail. For example, HSLS (Hazy Sighted Link State routing protocol) and ZRP (Zone Routing Protocol) are hybrid protocols whereas DDR (Distributed Dynamic Routing Algorithm), HSR (Hierarchical State Routing) and OORP (OrderOne Routing Protocol) are examples of hierarchical protocols. Another protocol is also used in MANET which is known as the geographical routing protocol. Geographic routing refers to a family of techniques to route data packets in a communication network. ALARM (Adaptive Location Aided Routing - Mines) and GPSR (Greedy Perimeter Stateless Routing) are geographic protocols.

6.2 Network Layer Attacks

A number of attacks in the network layer have been identified and studied in security research. An attacker can absorb network traffic, or inject itself into the path between the source and destination and thus control the network traffic flow. For example, a malicious node M can inject itself into the routing path between sender S and receiver R, as shown in fig. 6.1(a) and (b).

Figure 6.1: Routing attack (panels (a) and (b); nodes S, X, Y, R and M)

Network layer vulnerabilities fall into two categories: routing attacks and packet forwarding attacks [16]. The family of routing attacks refers to any action of advertising routing updates that does not follow the specifications of the routing protocols. The specific attack behaviors are related to the routing protocol used by the MANET.

6.2.1 Routing Table Overflow Attack

This attack basically happens to proactive routing algorithms, which update routing information periodically. To launch a routing table overflow attack, the attacker tries to create routes to nonexistent nodes and advertise them to the authorized nodes present in the network. He/she can simply send excessive route advertisements to overflow the target system's routing table. The goal is to have enough routes so that creation of new routes is prevented or the implementation of the routing protocol is overwhelmed.

6.2.2 Routing Cache Poisoning Attack

Routing cache poisoning attack takes advantage of the promiscuous mode of routing table updating. This occurs when information stored in routing tables is either deleted, altered or injected with false information. Suppose a malicious node M wants to poison routes to node X. M could broadcast spoofed packets with a source route to X via M itself, thus neighboring nodes that overhear the packet may add the route to their route caches [15].

6.2.3 Attacks on Particular Routing Protocol

There are many attacks in MANET that target particular routing protocols. This is due to developing routing services without considering security issues. Most of the recent research suffers from this problem. In this section, we will describe the security threats, advantages and disadvantages of some common routing protocols.

6.2.3.1 AODV

The Ad-hoc On-demand Distance Vector (AODV) routing algorithm is a reactive algorithm that routes data across wireless mesh networks. The advantage of AODV is that it is simple, requires less memory and does not create extra traffic for communication along existing links. In AODV, the attacker may advertise a route with a smaller distance metric than the original distance or advertise a routing update with a large sequence number and invalidate all routing updates from other nodes.

6.2.3.2 DSR

The Dynamic Source Routing (DSR) protocol is similar to AODV in that it also forms routes on demand. But the main difference is that it uses source routing instead of relying on the routing table at each intermediate node. It also provides functionality so that packets can be forwarded on a hop-by-hop basis. In DSR, it is possible for the attacker to modify the source route listed in the RREQ or RREP packets. Deleting a node from the list, switching the order or appending a new node into the list are also potential dangers in DSR.

6.2.3.3 ARAN

Authenticated Routing for Ad-hoc Networks (ARAN) is an on-demand routing protocol that detects and protects against malicious actions carried out by third parties and peers in a particular ad-hoc environment [14]. This protocol introduces authentication, message integrity and non-repudiation as a part of a minimal security policy. Though ARAN is designed to enhance ad-hoc security, it is still vulnerable to the rushing attack (described in section 6.2.4.4).

6.2.3.4 ARIADNE

ARIADNE is an on-demand secure ad-hoc routing protocol based on DSR that implements highly efficient symmetric cryptography. It provides point-to-point authentication of a routing message using a message authentication code (MAC) and a shared key between the two communicating parties. Although ARIADNE is free from a flood of RREQ packets and cache poisoning attack, it is vulnerable to the wormhole attack and rushing attack.

6.2.3.5 SEAD

Specifically, SEAD builds on the DSDV-SQ version of the DSDV (Destination Sequenced Distance Vector) protocol. It deals with attackers that modify routing information and also with replay attacks, and makes use of one-way hash chains rather than implementing expensive asymmetric cryptography operations. Two different approaches are used for message authentication to prevent the attackers. SEAD does not cope with wormhole attacks.
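How a one-way hash chain can stand in for signatures on a distance-vector update is easier to see in code. The following is an added, simplified model of the hash-chain idea SEAD relies on, not the protocol's own code; the chain length, metric bound, seed and all function names are assumptions made for this sketch.

```python
import hashlib

MAX_METRIC = 8                      # m: assumed upper bound on hop count
MAX_SEQ = 4                         # sequence numbers covered by one chain
CHAIN_LEN = MAX_METRIC * MAX_SEQ    # n: number of hash applications to the anchor


def h(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()


def hash_times(x: bytes, count: int) -> bytes:
    for _ in range(count):
        x = h(x)
    return x


def chain_index(seq: int, metric: int) -> int:
    """Chain position that authenticates (seq, metric).
    Newer sequence numbers use groups closer to the secret seed, and within
    a group a larger metric is further along the chain."""
    return (MAX_SEQ - seq) * MAX_METRIC + metric


class Destination:
    """The node whose route is being advertised; only it knows the seed."""

    def __init__(self, seed: bytes):
        self._seed = seed
        # h_n is assumed to reach every node through an authenticated channel.
        self.anchor = hash_times(seed, CHAIN_LEN)

    def advertise(self, seq: int) -> dict:
        auth = hash_times(self._seed, chain_index(seq, 0))
        return {"seq": seq, "metric": 0, "auth": auth}


def forward(update: dict) -> dict:
    """Honest forwarder: one more hop means one more hash application."""
    return {"seq": update["seq"], "metric": update["metric"] + 1,
            "auth": h(update["auth"])}


def verify(update: dict, anchor: bytes) -> bool:
    """Hash the authenticator forward to the anchor; the number of steps is
    fixed by the claimed (seq, metric), so a false claim misses the anchor."""
    seq, metric = update["seq"], update["metric"]
    if not (1 <= seq <= MAX_SEQ and 0 <= metric < MAX_METRIC):
        return False
    steps = CHAIN_LEN - chain_index(seq, metric)
    return hash_times(update["auth"], steps) == anchor


def accept(current, update: dict, anchor: bytes) -> bool:
    """DSDV-style rule on top of verification: newer seq, or same seq and
    a strictly better metric."""
    if not verify(update, anchor):
        return False
    if current is None or update["seq"] > current["seq"]:
        return True
    return update["seq"] == current["seq"] and update["metric"] < current["metric"]


def demo() -> dict:
    dest = Destination(b"constructed-seed-for-node-X")   # constructed value
    update = dest.advertise(seq=2)
    for _ in range(3):                                   # three honest hops
        update = forward(update)
    shorter = dict(update, metric=1)   # claims fewer hops with the same hash
    fresher = dict(update, seq=3)      # claims a newer sequence number
    return {
        "honest_three_hops": verify(update, dest.anchor),
        "lower_metric_claim": verify(shorter, dest.anchor),
        "higher_seq_claim": verify(fresher, dest.anchor),
        "longer_route_still_valid": verify(forward(update), dest.anchor),
        "replaces_worse_route": accept(forward(forward(update)), update, dest.anchor),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A forwarder can hash forward but not backward, so it can only keep or raise the metric it received; nothing in the chain measures physical distance, which is consistent with the statement above that SEAD does not cope with wormhole attacks.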

6.2.4 Other Advanced Attacks

In recent research, more sophisticated and subtle attacks have been identified in MANET. Some protocols have also enhanced their services and some other routing protocols have been proposed to overcome the attacks. Still, it is an area of interest for security personnel. However, the blackhole (or sinkhole), Byzantine, wormhole and rushing attacks are the typical examples, which are described below in detail.

6.2.4.1 Wormhole Attack

Wormhole attack is also known as tunneling attack. An attacker creates a tunnel and uses encapsulation and decapsulation to make a false route between two malicious nodes. In section 3.4, we have described the wormhole attack in detail.

6.2.4.2 Blackhole Attack

The blackhole attack is performed in two steps. In the first step, the malicious node exploits the mobile ad hoc routing protocol, such as AODV, to advertise itself as having a valid route to a destination node, even though the route is spurious, with the intention of intercepting the packets. In the second step, the attacker consumes the packets and never forwards them. In an advanced form, the attacker suppresses or modifies packets originating from some nodes, while leaving the data from the other nodes unaffected. In this way, the attacker deceives the neighboring nodes that monitor the ongoing packets. In fig. 6.2, node 1 wants to send data packets to node 4 and initiates the route discovery process. We assume that node 3 is a malicious node and it claims that it has a route to the destination whenever it receives RREQ packets, and immediately sends the response to node 1. If the response from node 3 reaches node 1 first, then node 1 thinks that the route discovery is complete, ignores all other reply messages and begins to send data packets to node 3. As a result, all packets through the malicious node are consumed or lost [2].

Figure 6.2: The black-hole problem (nodes 1 to 6)

6.2.4.3 Byzantine Attack

Byzantine attack can be launched by a single malicious node or a group of nodes that work in cooperation. A compromised intermediate node works alone, or a set of compromised intermediate nodes works in collusion, to form attacks. The compromised nodes may create routing loops, forward packets along a long route instead of the optimal one, or even drop packets. This attack degrades the routing performance and also disrupts the routing services.

6.2.4.4 Rushing Attack

In a wormhole attack, two colluding attackers form a tunnel to falsify the original route. If the transmission path is fast enough (e.g. a dedicated channel), then the tunneled packets can propagate faster than those through a normal multi-hop route, and this results in the rushing attack. Basically, it is another form of denial of service (DoS) attack that can be launched against all currently proposed on-demand MANET routing protocols such as ARAN and Ariadne [5].

6.2.4.5 Resource Consumption Attack

Energy is a critical parameter in the MANET. Battery-powered devices try to conserve energy by transmitting only when absolutely necessary [2]. The target of the resource consumption attack is to send requests for excessive route discovery or unnecessary packets to the victim node in order to consume its battery life. An attacker or compromised node can thus disrupt the normal functionalities of the MANET. This attack is also known as the sleep deprivation attack.

6.2.4.6 Location Disclosure Attack

Location disclosure attack is a part of the information disclosure attack. The malicious node leaks information regarding the location or the structure of the network and uses the information for further attack. It gathers the node location information such as a route map and knows which nodes are situated on the target route. Traffic analysis is one of the unsolved security attacks against MANETs.

6.3 Summary

The network layer of the MANET is more vulnerable to attack than all other layers. A good secure routing algorithm can prevent the exploits presented in this chapter. There is no unique algorithm that can prevent all the vulnerabilities. They should be used in cooperation with each other.

Chapter Seven

Security Threats in Transport Layer

The security issues related to the transport layer are authentication, securing end-to-end communications through data encryption, handling delays, packet loss and so on. The transport layer protocols in MANET provide end-to-end connection, reliable packet delivery, flow control, congestion control and clearing of end-to-end connection. As with the TCP protocol in the Internet model, the nodes in a MANET are also vulnerable to the SYN flooding and session hijacking attacks. In the next sections, threats in the transport layer are discussed in detail.

7.1 SYN Flooding Attack

The SYN flooding attack is also a DoS attack, which is performed by creating a large number of half-opened TCP connections with a target node. A TCP connection between two communicating parties is established by completing the three way handshake, which is described in fig. 7.1. The sender sends a SYN message to the receiver with a randomly generated ISN (Initial Sequence Number). The receiver also generates another ISN and sends a SYN message including the ISN as an acknowledgement of the received SYN message. The sender sends an acknowledgement to the receiver. In this way the connection is established between two communicating parties using the TCP three way handshake.

Figure 7.1: TCP Three Way Handshake

During a SYN flooding attack, a malicious node sends a large amount of SYN packets to the target node, spoofing the return address of the SYN packets. When the target machine receives the SYN packets, it sends out SYN-ACK packets to the sender and waits for the response, i.e. the ACK packet. The victim node stores all the SYN packets in a fixed-size table as it waits for the acknowledgement of the three-way handshake. These pending connection requests could overflow the buffer and may make the system unavailable for a long time.

7.2 Session Hijacking

Session hijacking is a critical error and gives a malicious node the opportunity of behaving as a legitimate system. All the communications are authenticated only at the beginning of session setup. The attacker may take advantage of this and commit a session hijacking attack. At first, he/she spoofs the IP address of the target machine and determines the correct sequence number. After that he performs a DoS attack on the victim. As a result, the target system becomes unavailable for some time. The attacker now continues the session with the other system as a legitimate system.

7.3 TCP ACK Storm

TCP ACK storm is very simple. But to perform the attack, the attacker launches a TCP session hijacking attack at the beginning. After that the attacker sends injected session data as depicted in fig. 7.2 and node A acknowledges the received data with an ACK packet to node B. Node B is confused as the packet contains an unexpected sequence number and it tries to resynchronize the TCP session with node A by sending an ACK packet that contains the intended sequence number. But the steps are followed again and again and result in a TCP ACK storm [15].

Figure 7.2: TCP ACK Storm (Attacker, Node A, Node B. 1. Inject data into session. 2. Acknowledges data with ACK packet. 3. Confused B sends its last ACK to try to resynchronize. 2 and 3 repeat over and over.)

7.4 Summary

MANET has a higher channel error rate when compared to wired networks. This is due to the fact that TCP does not have any mechanism to distinguish the cause of loss, i.e. whether it is caused by congestion, random error or malicious attacks. On the other hand, UDP is also vulnerable to session hijacking. It is the same over UDP as over TCP, except that the attackers need not be worried about the overhead of managing sequence numbers and other TCP mechanisms, since UDP is a connectionless protocol.

Chapter Eight

Security Threats in Application Layer

Applications need to be designed to handle frequent disconnection and reconnection with peer applications as well as widely varying delay and packet loss characteristics [13]. Like other layers, the application layer is also a vulnerable and attractive layer for the attacker, because this layer contains user data and supports many protocols such as SMTP, HTTP, TELNET and FTP, which have many vulnerabilities and access points for attackers. The main attacks in the application layer are malicious code attacks and repudiation attacks.

8.1 Malicious Code Attacks

Various malicious codes such as viruses, worms, spyware and Trojan horses attack both operating systems and user applications, causing the computer system and network to slow down or even be damaged. An attacker can produce this type of attack in MANET and can seek their desired information [15].

8.2 Repudiation Attacks

The solutions taken to solve authentication or non-repudiation attacks in the network layer or in the transport layer are not enough, because repudiation refers to a denial of participation in the communication. An example of a repudiation attack on a commercial system: a selfish person could deny conducting an operation on a credit card purchase or deny any on-line transaction [15].

8.3 Summary

Another fundamental problem in MANET is end-to-end security. A heterogeneous network may suffer from various security threats that may increase packet delivery latency, increase packet loss rate and so on. The main security issues involved in the application layer are detecting and preventing viruses, worms, malicious codes and application abuses.

Chapter Nine

Countermeasures

Security is a primary concern in MANET in order to provide protected communication between the communicating parties. It is essential for basic network functions like routing and packet forwarding. Network operation can easily be jeopardized if countermeasures are not embedded into basic network functions at the early stages of their design [11]. Hence, a variety of security mechanisms have been developed to counter malicious attacks. There are two mechanisms which are widely used to protect the MANET from attackers.

- Preventive mechanism: In the preventive mechanism, the conventional approaches such as authentication, access control, encryption and digital signature are used to provide the first line of defense. Some security modules, such as tokens or a smart card that is accessible through PIN, passphrases or biometric verification, are also used in addition.
- Reactive mechanism: The reactive mechanism uses schemes like intrusion detection system (IDS), cooperation enforcement mechanisms etc. in MANET. Intrusion detection systems are used to detect misuse and anomalies. Cooperation enforcement schemes such as Nuglets, Confidant, CORE and Token-based reduce selfish node behavior.

9.1 Countermeasures on Physical Layer Attacks

The physical layer of MANET is vulnerable to signal jamming, DoS attack and also some passive attacks. Two spread spectrum technologies can be used to make it difficult to detect or jam signals. Spread spectrum technology changes frequency in a random fashion or spreads it to a wider spectrum, which makes the capture of the signal difficult. The FHSS (Frequency Hopping Spread Spectrum) makes the signal unintelligible duration impulse noise to the eavesdroppers. On the other hand, DSSS (Direct Sequence Spread Spectrum) represents each data bit in the original signal by multiple bits in the transmitted signal through an 11-bit Barker code. However, both FHSS and DSSS pose difficulties for the malicious user while trying to intercept the radio signals. To capture and release the content of the transmitted signal, the attacker must know the frequency band, spreading code and modulation techniques. Still, there is a problem. These mechanisms are secure only when the hopping pattern or spreading code is unknown to the eavesdropper [15].

9.2 Countermeasures on Link Layer Attacks

The security issues that are closely related to the link layer are protecting the wireless MAC protocol and providing link-layer security support. One of the vulnerabilities in the link layer is its binary exponential backoff scheme, which we described in fifth chapter 5.4 section. But recently a security extension to 802.11 was proposed in [10]. The original 802.11 backoff scheme is slightly modified in that the backoff timer at the sender is provided by the receiver instead of setting an arbitrary timer value on its own. On the other hand, the threat of resource consumption (using the NAV field) is still an open challenge, though some schemes have been proposed such as ERA-802.11 [12]. Finally, as mentioned earlier, the commonly known security fault in the link layer is the weakness of WEP. Fortunately, the 802.11i/WPA [7] has mended all obvious loopholes in WEP and future countermeasures such as RSN/AES-CCMP are also being developed to improve the strength of wireless security.

9.3 Countermeasures on Network Layer Attacks

The network layer is more vulnerable to attacks than all other layers in MANET. A variety of security threats is imposed in this layer. Use of secure routing protocols provides the first line of defense. Active attacks like modification of routing messages can be prevented through source authentication and message integrity mechanisms. For example, digital signature, message authentication code (MAC), hashed MAC (HMAC) and one-way HMAC key chain are used for this purpose. An unalterable and independent physical metric such as time delay or geographical location can be used to detect the wormhole attack. For example, packet leashes are used to combat this attack [6]. IPSec is most commonly used on the network layer in the Internet and could be used in MANET to provide a certain level of confidentiality. The secure routing protocol named ARAN protects from various attacks like modification of sequence number, modification of hop counts, modification of source routes, spoofing, fabrication of source route etc [14]. The research by Deng et al [2] presents a solution to overcome the blackhole attack. The solution is to disable the ability of an intermediate node to reply in a message, so all reply messages should be sent out only by the destination node.

9.4 Countermeasures on Transport Layer Attacks

One way to provide message confidentiality in the transport layer is point-to-point or end-to-end communication through data encryption. Though TCP is the main connection-oriented reliable protocol in the Internet, it does not fit well in MANET. TCP feedback (TCP-F) [4], TCP explicit failure notification (TCP-ELFN) [4], ad-hoc transmission control protocol (ATCP) [4], and ad hoc transport protocol (ATP) have been developed but none of them covers the security issues involved in MANET. Secure Socket Layer (SSL) [9], Transport Layer Security (TLS) [9] and Private Communications Transport (PCT) [9] protocols were designed on the basis of public key cryptography to provide secure communications. TLS/SSL provides protection against masquerade attacks, man-in-middle attacks, rollback attacks, and replay attacks.

9.5 Countermeasures on Application Layer Attacks

Viruses, worms, spyware and Trojan horses are the common and challenging application layer attacks in any network. A firewall provides protection against some of these attacks. For example, it can provide access control, user authentication, incoming and outgoing packet filtering, network filtering, accounting service etc. Anti-spyware software can detect spyware and malicious programs running on the system. Still, using a firewall is not enough because in certain situations the attacker can even penetrate the firewall and make an attack. Another mechanism, the Intrusion Detection System (IDS), is effective to prevent certain attacks such as trying to gain unauthorized access to a service, pretending to be a legitimate user etc. The application layer also detects a DoS attack more quickly than the lower layers.

9.6 Summary

In this chapter we described the countermeasures to the attacks imposed in different layers. Still, there are some attacks, such as the man-in-middle attack, which are known as multi-layer attacks. The countermeasures for this type of attack need to be implemented at different layers. For example, directional antennas [1] are used at the media access layer to defend against wormhole attacks while packet leashes [6] are used for network layer defense.
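The receiver-side test behind the time-delay and geographical-location metrics mentioned in section 9.3 can be sketched as follows. This is an added example, not code from the thesis or from [6]; the radio range, speed and error bounds, the shared HMAC key used to authenticate the leash, and the sample frames are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import math
import struct

C = 299_792_458.0             # signal propagation speed, m/s
RADIO_RANGE_M = 250.0         # assumed maximum one-hop distance
MAX_SPEED_MPS = 20.0          # assumed bound on node speed
GEO_CLOCK_ERR_S = 1e-3        # assumed clock error, geographic leash
POS_ERR_M = 5.0               # assumed positioning error
TEMPORAL_CLOCK_ERR_S = 50e-9  # temporal leash needs much tighter clocks


def _tag(key: bytes, sender: str, pos, t_send: float, payload: bytes) -> bytes:
    fields = struct.pack("!16sddd", sender.encode(), pos[0], pos[1], t_send)
    return hmac.new(key, fields + payload, hashlib.sha256).digest()


def attach_leash(key: bytes, sender: str, pos, t_send: float, payload: bytes) -> dict:
    """Sender side: bind its position and send time to the packet."""
    return {"sender": sender, "pos": pos, "t_send": t_send, "payload": payload,
            "tag": _tag(key, sender, pos, t_send, payload)}


def check_leash(key: bytes, frame: dict, rx_pos, t_recv: float,
                mode: str = "geographic"):
    """Receiver side: bound the distance the packet can have traveled and
    compare it with one radio hop. Returns (accepted, reason)."""
    expected = _tag(key, frame["sender"], frame["pos"], frame["t_send"],
                    frame["payload"])
    if not hmac.compare_digest(expected, frame["tag"]):
        return (False, "bad authenticator")
    elapsed = t_recv - frame["t_send"]
    if mode == "temporal":
        if elapsed < -TEMPORAL_CLOCK_ERR_S:
            return (False, "timestamp in the future")
        # Distance light could cover in the elapsed time, clock error included.
        bound = C * (elapsed + TEMPORAL_CLOCK_ERR_S)
    else:
        if elapsed < -GEO_CLOCK_ERR_S:
            return (False, "timestamp in the future")
        # Claimed separation plus how far both nodes may have moved meanwhile.
        bound = (math.dist(frame["pos"], rx_pos)
                 + 2 * MAX_SPEED_MPS * (elapsed + GEO_CLOCK_ERR_S) + POS_ERR_M)
    if bound > RADIO_RANGE_M:
        return (False, "exceeds leash")
    return (True, "ok")


def evaluate_samples() -> dict:
    key = b"constructed-shared-key"     # constructed; key setup is out of scope
    rx_pos = (180.0, 0.0)
    t0 = 10.0
    # A real neighbor 180 m away: arrives after one radio flight time.
    near = attach_leash(key, "A", (0.0, 0.0), t0, b"RREQ")
    t_near = t0 + 180.0 / C
    # A frame sent 720 m away and delivered to the receiver through a tunnel.
    far = attach_leash(key, "F", (900.0, 0.0), t0, b"RREQ")
    t_far = t0 + 40e-6
    # The same frame with the leash fields rewritten by someone without the key.
    rewritten = dict(far, pos=(100.0, 0.0), t_send=t_far - 1e-7)
    samples = {"neighbor": (near, t_near), "tunneled": (far, t_far),
               "rewritten": (rewritten, t_far)}
    return {name: {mode: check_leash(key, frame, rx_pos, t, mode)
                   for mode in ("geographic", "temporal")}
            for name, (frame, t) in samples.items()}


if __name__ == "__main__":
    for name, result in evaluate_samples().items():
        print(name, result)
```

Both checks depend on the leash fields being authenticated and on synchronized clocks: the temporal variant needs clock error in the tens of nanoseconds to be meaningful at this range, while the geographic variant tolerates millisecond error at the cost of requiring position information.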

Chapter Ten

Conclusion

Mobile Ad Hoc Networks have the ability to set up networks on the fly in a harsh environment where it may not be possible to deploy a traditional network infrastructure. Although ad hoc networks have vast potential, there are still many challenges left to overcome. Security is an important feature for deployment of MANET. In this thesis, we have overviewed the challenges and solutions of the security threats in mobile ad hoc networks.

The first research question is ‘what are the vulnerabilities and security threats in MANET? Which level is most vulnerable to attack?’ In our study, we present a variety of attacks (chapter 4-8) related to different layers and find that the network layer (chapter 6) is more vulnerable than all other layers in MANET. This isolation of attacks on the basis of different layers makes it easy to understand the security attacks in ad hoc networks.

‘How the security services like confidentiality, integrity and authentication can be achieved from mobile ad hoc networks? What steps should be taken?’ is the second research question. The answer is that security services can be achieved by following the preventive and reactive countermeasures on the basis of the particular attack.

The third question is ‘what are the countermeasures? How the security of the entire system is ensured?’ In our study, we focus on the potential countermeasures (chapter 9) either currently used in wired or wireless networking or newly designed specifically for MANET. In addition, we can say that security must be ensured for the entire system, since a single weak point may give the attacker the opportunity to gain access to the system and perform malicious tasks.

The final research question is ‘what are the potential dangers that may be crucial in future?’ Every day, the attackers are trying to find new vulnerabilities in MANET. Some of those upcoming dangers are described in the next section, but it is sure that the multi-layer or combined attacks will be vital for secure communication in MANET.

10.1 Future Directions

Significant research in MANET has been ongoing for many years, but it is still in an early stage. Existing solutions are well-suited only for specific attacks. They can cope well with known attacks, but there are many unanticipated or combined attacks remaining undiscovered. The resource consumption DoS attack is still unclear to the researchers. More research is needed on secure routing protocols, robust key management, trust based systems, integrated approaches to routing security, data security in different levels and cooperation enforcement.

Existing routing protocols are subject to a variety of attacks that can allow attackers to influence a victim’s selection of routes or enable denial-of-service attacks. So, the necessity of a secure routing protocol is inevitable. Cryptography is one of the most common security mechanisms and its strength relies on secure key management. The public key cryptography scheme depends upon a centralized CA (Certificate Authority), which is known as a security weak point in MANET. Symmetric cryptography is efficient but suffers from potential attacks on key distribution. Hence, efficient key agreement and distribution in MANET is an ongoing research area.

Finally, building a sound trust-based system and integrating it with the current preventive approaches, and a solution of the node selfishness problem, can be considered in future research. Identifying new security threats as well as new countermeasures demands more research in MANET.

References

[1] S. Capkun, L. Buttyan, and J.-P. Hubaux, “Sector: Secure Tracking of Node Encounters in Multi-hop Wireless Networks,” Proc. of the ACM Workshop on Security of Ad Hoc and Sensor Networks, 2003.
[2] H. Deng, W. Li, and D.P. Agrawal, “Routing security in wireless ad hoc networks,” Cincinnati Univ., OH, USA; IEEE Communications Magazine, Oct. 2002, Volume: 40, page(s): 70-75, ISSN: 0163-6804.
[3] J.-P. Hubaux, L. Buttyan, and S. Capkun, “The quest for security in mobile ad hoc network,” In Proc. ACM MOBICOM, 2001.
[4] H. Hsieh and R. Sivakumar, “Transport Over Wireless Networks,” Handbook of Wireless Networks and Mobile Computing, Edited by Ivan Stojmenovic, John Wiley and Sons, Inc., 2002.
[5] Y. Hu, A. Perrig, and D. Johnson, “Ariadne: A Secure On-Demand Routing for Ad Hoc Networks,” In Proc. of MobiCom 2002, Atlanta, 2002.
[6] Y. Hu, A. Perrig, and D. Johnson, “Packet Leashes: A Defense Against Wormhole Attacks in Wireless Ad Hoc Networks,” In Proc. of IEEE INFOCOM, 2002.
[7] IEEE Std. 802.11i/D30, “Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications: Specification for Enhanced Security,” 2002.
[8] J. Kong et al., “Providing robust and ubiquitous security support for mobile ad-hoc networks,” In Proc. IEEE ICNP, pages 251–260, 2001.
[9] C. Kaufman, R. Perlman, and M. Speciner, “Network Security Private Communication in a Public World,” Prentice Hall PTR, A division of Pearson Education, Inc., 2002.
[10] P. Kyasanur and N. Vaidya, “Detection and Handling of MAC Layer Misbehavior in Wireless Networks,” DCC, 2003.
[11] P. Michiardi and R. Molva, “Ad hoc networks security,” IEEE Press Wiley, New York, 2003.
[12] A. Perrig, R. Canetti, J. Tygar, and D. Song, “The TESLA Broadcast Authentication Protocol,” Internet Draft, 2000.
[13] R. Ramanathan, J. Redi and BBN Technologies, “A brief overview of ad hoc networks: challenges and directions,” IEEE Communication Magazine, May 2002, Volume: 40, page(s): 20-22, ISSN: 0163-6804.
[14] K. Sanzgiri, B. Dahill, B.N. Levine, C. Shields, and E.M. Belding-Royer, “Secure routing protocol for ad hoc networks,” In Proc. of 10th IEEE International Conference on Network Protocols, Dept. of Comput. Sci., California Univ., Santa Barbara, CA, USA, 12-15 Nov. 2002, Page(s): 78-87, ISSN: 1092-1648.
[15] B. Wu, J. Chen, J. Wu, and M. Cardei, “A Survey of Attacks and Countermeasures in Mobile Ad Hoc Networks,” Department of Computer Science and Engineering, Florida Atlantic University, http://student.fau.edu/jchen8/web/papers/SurveyBookchapter.pdf
[16] H. Yang, H. Luo, F. Ye, S. Lu, and L. Zhang, “Security in mobile ad hoc networks: challenges and solutions,” In proc. IEEE Wireless Communication, UCLA, Los Angeles, CA, USA, volume 11, Page(s): 38-47, ISSN: 1536-1284.
[17] S. Yi, P. Naldurg, and R. Kravets, “Security-aware ad hoc routing for wireless networks,” In Proc. ACM Mobihoc, 2001.
[18] L. Zhou and Z.J. Haas, Cornell Univ., “Securing ad hoc networks,” IEEE Network, Nov/Dec 1999, Volume: 13, Page(s): 24-30, ISSN: 0890-8044.
